A Comparative Study of Machine Learning and Deep Learning Techniques for Zero-Day Vulnerability Detection


Abstract

Zero-day vulnerabilities remain a crucial and continuous threat to information systems, since they can be exploited widely before valid patches are released to fix them. Intrusion detection systems, whether anomaly-based or signature-based, play a significant role in detecting the presence of any vulnerability. However, such systems suffer from false positives, especially in the case of zero-day attacks. This research examines the effectiveness of machine learning and deep learning models at detecting zero-day exploits within Intrusion Detection System frameworks. With the aim of increasing detection accuracy while reducing false positives, various Machine Learning and Deep Learning approaches were compared and integrated as detection techniques. The datasets used are CIC-IDS-2017 and CIC-TON-IOT, and several preprocessing methods were applied to the selected parameters before training. This work compares machine learning models, namely Support Vector Machines, Random Forest, K-Nearest Neighbors, Decision Trees and Extreme Gradient Boosting, with emerging deep learning models such as Autoencoders and Generative Adversarial Networks. A hybrid approach that combines both datasets and IDS techniques is further presented to reduce the number of false positive outcomes. The results show that machine learning models are, in general, better than deep learning models at detecting zero-day vulnerabilities and reducing the false positive rate. The hybrid approach could further reduce false positives and raise detection accuracy.